New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add non-CRD yaml file #3992
Comments
Hi @rittneje, Can you please give some more information on what tweaks you are making to the yaml files? Are you using any tools for that, eg. kustomize? Cert-manager supports tuning these yaml manifests using Helm's templating engine. You can use Helm to install cert-manager directly: https://cert-manager.io/docs/installation/kubernetes/#installing-with-helm, or you can use Helm to generate the static yaml manifests that can be applied using This documentation contains more info on all supported helm parameters: |
We do not use Helm. We just have a copy to the manifest with the changes to it in our repo.
|
The following commands should generate the requested static yaml manifest: $ helm repo add jetstack https://charts.jetstack.io
$ helm repo update
$ helm template \
cert-manager jetstack/cert-manager \
--namespace cert-manager \
--version v1.4.0 \
> cert-manager.no-crds.yaml I'll check if it would be possible to also add this manifest to upcoming releases. |
@inteon I discovered that you can also use label selectors in # All non-crds (CRDs don't have a component label)
kubectl create \
-f https://github.com/jetstack/cert-manager/releases/download/v1.4.0/cert-manager.yaml \
--dry-run=client \
-o yaml \
-l 'app.kubernetes.io/component'
# Just the webhook and controller components
kubectl create \
-f https://github.com/jetstack/cert-manager/releases/download/v1.4.0/cert-manager.yaml \
--dry-run=client \
-o yaml \
-l 'app.kubernetes.io/component in (webhook,controller)' But perhaps we should consider whether to provide manifests suitable for a multi-stage install, similar to that documented by linkerd Although, I'd have thought it should be split as follows:
|
Issues go stale after 90d of inactivity. |
/remove-lifecycle stale |
Issues go stale after 90d of inactivity. |
/remove-lifecycle stale |
I usually use |
A possible way to very flexible for various install methods, is to keep |
Issues go stale after 90d of inactivity. |
/remove-lifecycle stale |
On a similar topic - helm doesn't wait for CRDs to install before applying resources which depend on those CRDs. This means that technically, |
Issues go stale after 90d of inactivity. |
/remove-lifecycle stale |
Issues go stale after 90d of inactivity. |
/remove-lifecycle stale |
It would be great to have things like this to make Kustomize easier to use. You can reference the compiled yaml, but it doesn't compose nicely. I was trying to have a 'system' setup, which puts thinks like ingress, cert-manager, metal-lb in a system namespace. With metal-lb I can grab parts, but with cert-manager it includes a namespace definition, and then that conflicts with other tools that have a namespace definition, and as it's only as a one file, I might have to manually edit that by hand to then install it. Kustomizes philosophy is fairly additive, e.g you add in more parts, but I don't think it has 'take this base, and remove these components', so the big bundle does cause friction with it. It would be great if the various components where published in parts too, that way you can pick which ones and use overlays afterwards to tweak the setup. It would also be great for managing CRDs, as they are 'super admin scoped' anyway, you might want to have 'crd' maintenance and 'cert-manager' maintainer be different roles, but as the yaml contains the CRD there's a bit of an overlap |
Issues go stale after 90d of inactivity. |
/remove-lifecycle stale |
Issues go stale after 90d of inactivity. |
/remove-lifecycle stale |
Issues go stale after 90d of inactivity. |
/remove-lifecycle stale |
Issues go stale after 90d of inactivity. |
/remove-lifecycle stale |
Currently the GitHub releases include two assets (among others): cert-manager.crds.yaml and cert-manager.yaml. The former only includes the CRD specs, while the latter is everything (CRDs, deployments, service accounts, etc.).
I would like to suggest that another asset be added for the non-CRD resources (i.e., the difference between the two). This is because sometimes we have to make tweaks to these specs to make it work properly, and it would be a lot easier to have a single file we can use as a base every upgrade instead of having to copy just the tail end of the full cert-manager.yaml file. But we don't make modifications to the (enormous) CRD specs.
The text was updated successfully, but these errors were encountered: